Page 1 of 1

Running PHP code from the database

Posted: Tue Aug 16, 2005 12:26 pm
by sk8erh4x0r
Is there a way to get PHP code to execute when selected from the database?

Code: Select all

$query = "SELECT * FROM `test`";
$result = mysql_query($query) or die(mysql_error());

while($row = mysql_fetch_assoc($result)){
echo $row['code'];
}
?>
$row['code'] is:

Code: Select all

<?php
echo "This is a test";
?>
I want it to echo 'This is a test' on the page.

Re: Running PHP code from the database

Posted: Tue Aug 16, 2005 12:28 pm
by nielsene

Posted: Tue Aug 16, 2005 12:33 pm
by biznickman
Example

Code: Select all

<?php
$sql = "SELECT class,function,arguments,instantiate FROM page_classes WHERE page='$_REQUEST[page]'";
$result = mysql_query( $sql ) or die( mysql_error() );
while( $assoc = mysql_fetch_assoc( $result ) ){
    eval("\$class = new $assoc[instantiate];");
}
?>

Posted: Tue Aug 16, 2005 12:36 pm
by feyd
warning: be extremely careful with stored code.

Posted: Tue Aug 16, 2005 12:37 pm
by sk8erh4x0r
i don't understand that example.. plus, what's $class?

Posted: Tue Aug 16, 2005 12:40 pm
by biznickman
$class is A variable being assigned to a new class. If you are unaware of what classes are, I suggest reading up on them at http://us3.php.net/manual/en/ref.classobj.php . Unfortunately, php is not much of an object oriented language, so for whatever purpose you are using eval, this may not be the most useful. If you want to provide a little more detail as to what you are trying to accomplish, that would be useful.

Posted: Tue Aug 16, 2005 1:36 pm
by Fractal

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("\$ps = new $page3[PageSource];");
}

?>
Here's what I have in the table exactly.

Code: Select all

<?php

session_start();
include "connect.php";

if (isset($_SESSION['Username']))
{
  session_destroy();
  print "You have been logged out.";
}
else
{
  print "You must be logged in before you can logout.";
}

?>
It keeps parsing no matter what I have in the table.

Parse error: parse error, unexpected '<', expecting T_STRING or T_VARIABLE or '$' in /home/fractal/domains/ut-online.org/public_html/logout.php(11) : eval()'d code on line 1


Any ideas?

EDIT: This topic was posted for me since I didn't have an account at the time.. .-.

Posted: Tue Aug 16, 2005 1:43 pm
by feyd
I'm going to guess that you have <?php or similar as the first thing... you don't need that, you're already running in php.

It'd be nice to know what's in the record to better help...

Posted: Tue Aug 16, 2005 1:45 pm
by Fractal
feyd wrote:I'm going to guess that you have <?php or similar as the first thing... you don't need that, you're already running in php.

It'd be nice to know what's in the record to better help...
I thought about that but when I removed the <?php and ?> tags it complained about the session_start();
Then I removed that and it complained about the include "connect.php";
Then I removed that aswell and it complained about the if statement I have..

Posted: Tue Aug 16, 2005 1:46 pm
by nielsene

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("{$page3['PageSource']}");
}
?>
This should be closer to what you want. The class example sent you off on the wrong direction.

Posted: Tue Aug 16, 2005 1:47 pm
by Fractal
nielsene wrote:

Code: Select all

<?php

include "connect.php";

$PID=$_GET['PID'];
$page="SELECT * FROM Pages WHERE PID='$PID'";
$page2=mysql_query($page);
while ($page3=mysql_fetch_assoc($page2))
{
  eval("{$page3['PageSource']}");
}
?>
This should be closer to what you want. The class example sent you off on the wrong direction.
Thanks nielsene... That fixed it =D

Posted: Tue Aug 16, 2005 6:45 pm
by shoebappa
Sounds like a pretty bad idea. I can rarely think of a time when eval is useful, or more importantly safe. Why exactly are you storing code, there has to be a better way...

Posted: Tue Aug 16, 2005 9:17 pm
by jwalsh
I never did understand the use of stored procedures on a non-compiled language like PHP. Really is not worth the risk.

Posted: Tue Aug 16, 2005 9:28 pm
by nielsene
jwalsh wrote:I never did understand the use of stored procedures on a non-compiled language like PHP. Really is not worth the risk.
This isn't a stored procedure, by any sense of the term, when its normally used in database parlence.